STM1403
3V FIPS-140 Security Supervisor with Battery Switchover
DATA BRIEFING
FEATURES*
■
■
■
■ ■
STM1403 SUPPORTS FIPS-140 SECURITY LEVEL 3+ – 4 High-Impedance Physical Tamper Inputs – Over/Under Operating Voltage Detector – Security Alarm (SAL) on Tamper Detection SUPERVISORY FUNCTIONS – Automatic Battery Switchover – RST Output (Open Drain) – Manual (Push-button) Reset Input (MR) – Power-fail Comparator (PFI/PFO) Vccsw (VCC SWITCH OUTPUT) – Low When Switched to VCC – High When Switched to VBAT (BATT ON Indicator) BATTERY LOW VOLTAGE DETECTOR (POWER-UP) OPTIONAL VREF (1.237V) (Available for STM1403A only) LOW BATTERY SUPPLY CURRENT (2.8µA, typ) SECURE LOW PROFILE 16-PIN, 3x3mm, QFN PACKAGE
Figure 1. Package
QFN16, 3mm x 3mm (Q)
■ ■
Table 1. Device Options
STM704 Functions(1) STM1403A STM1403B STM1403C ✔ ✔ ✔ Physical Tamper Inputs ✔ ✔ ✔ Over/Under Over/Under Voltage Temperature Alarms Alarms ✔ ✔ ✔ VREF (1.237V) Option ✔ Note 3 Note 3 VOUT Status, During Alarm ON High-Z Ground Vccsw Status, During Alarm Normal Mode(2) High High
Note: 1. SAL, RST , PFO, and BLD are Open Drain. 2. Normal Mode: Low when VOUT is internally switched to VCC and High when VOUT is internally switched to battery. 3. Pin 9 is the VREF pin for STM1403A. It is the VTPU pin for STM1403B/C.
* Contact local ST sales office for the full datasheet.
October 2005
For further information contact your local ST sales office.
Rev 4.0 1/9
STM1403
SUMMARY DESCRIPTION
The STM1403 family of security supervisors are a low power family of intrusion (tamper) detection chips targeted at manufacturers of POS terminals and other systems, to enable them to meet physical and/or environmental intrusion monitoring requirements as mandated by various standards, such as Federal Information Processing Standards (FIPS) Pub 140 entitled “Security Requirements for Cryptographic Modules,” published by the National Institute of Standards and Technology, U.S. Department of Commerce), EMVCo, ISO, ZKA, and VISA PED. STM1403 supports target levels 3 and lower The STM1403 includes Automatic Battery Switchover, RST Output (Open Drain), Manual (Push-button) Reset Input (MR ), Power-fail Comparator (PFI/PFO), Physical and/or Environmental Tamper Detect/Security Alarm, and Battery Low Voltage Detect features. The STM1403A also offers a VREF (1.237V) as an option on pin 9. On the STM1403B/C, this pin is VTPU (internally switched VCC or VBAT). Figure 2. Logic Diagram VOUT Pin Modes The STM1403 is available in three versions, corresponding to three modes of the VOUT pin (Supply Voltage Out), when the SAL (Security Alarm) is asserted (active-low) upon tamper detection: STM1403A. VOUT stays ON (at VCC or VBAT) when SAL is driven low (activated). STM1403B. VOUT is set to High-Z when SAL is driven low (activated). STM1403C. VOUT is driven to Ground when SAL is activated (may be used when VOUT is connected directly to the VCC pin of the external SRAM that holds the cryptographic codes). All variants (see Table 1., Device Options) are pincompatible and available in a security-friendly, low profile, 16-pin QFN package.
Table 2. Signal Names
Vccsw(1) MR VCC Switch Output Manual (Push-button) Reset Input Power-fail Input Independent Physical Tamper Detect Pins 1 through 4 Supply Voltage Output Active-low Reset Output Power-fail Output Security Alarm Output Battery Low Voltage Detect 1.237V Reference Voltage Tamper Pull-up (VCC or VBAT) Back-up Supply Voltage Supply Voltage Ground
BLD(3)
VREF or VBAT VCC VTPU(1) VOUT RST(3) STM1403 PFO(3) SAL(3)
PFI TP1 - TP4 VOUT
VCCSW(2) MR PFI TP1 (NH)
RST
(2)
PFO(2) SAL
(2)
BLD(2) VREF(3)
TP2 TP3 (NL) (NH)
TP4 VSS (NL)
AI09682
VTPU(3) VBAT VCC VSS
Note: 1. VREF only for STM1403A; VTPU for STM1403B/C. 2. Normal Mode: Low when VOUT is internally switched to VCC and High when VOUT is internally switched to battery. 3. SAL, RST , PFO, and BLD are Open Drain.
Note: See PIN DESCRIPTIONS, page 9 of the full datasheet for details. 1. Normal Mode: Low when VOUT is internally switched to VCC and High when VOUT is internally switched to battery. 2. SAL, RST , PFO, and BLD are Open Drain. 3. VREF only for STM1403A; VTPU for STM1403B/C.
2/9
STM1403
Figure 3. QFN16 Connections
BLD(2) PFI VCCSW(1) VCC 16 1 2 3 4 5 6 7 15 14 13 12 11 10 8 9
RST(2) MR SAL(2) VSS
VOUT VBAT PFO(2) VREF or VTPU(3)
TP1 TP2 TP3 (NH) (NL) (NH)
TP4 (NL)
AI09683
Note: See PIN DESCRIPTIONS, page 9 of the full datasheet for details. 1. Normal Mode: Low when VOUT is internally switched to VCC and High when VOUT is internally switched to battery. 2. SAL, RST , PFO, and BLD are Open Drain. 3. VREF only for STM1403A; VTPU for STM1403B/C.
3/9
STM1403
Figure 4. Block Diagram
VCC BAT54J(1,2) VBAT(1) VINT MR PFI VPFI COMPARE VSO COMPARE VCCSW VRST COMPARE trec Generator RST(3) PFO(3) VOUT
VDET
COMPARE @ POWER-UP
BLD(3) VTPU(4)
1.237V VREF Generator
VREF(4)
VHV
COMPARE
VLV TP1 (NH) TP2 (NL) TP3 (NH) TP4 (NL)
COMPARE
SAL(3)
AI09684
Note: 1. 2. 3. 4.
BAT54J (from STMicroelectronics) recommended. Required for battery-reverse charging protection. Open Drain VREF only for STM1403; VTPU for STM1403B/C.
4/9
STM1403
TAMPER DETECTION
Physical There are four (4) high-impedance physical tamper detect input pins, 2 normally set to High (NH) and 2 normally set to Low (NL). Each input is designed with a glitch immunity. These inputs can be connected externally to several types of actuator devices (e.g., switches, wire mesh). A tamper on any one of the four inputs that causes its state to change will trigger the security alarm (SAL) and drive it to active-low. Once the tamper condition no longer exists, the SAL will return to its normal High state. TP1 and TP3 are set Normally to High (NH). They are connected externally through a closed switch or a high-impedance resistor to VOUT (in the case of STM1403A) or VTPU (in the case of STM1403B/ C), A tamper condition will be detected when the input pin is pulled low. If not used, tie the pin to VOUT or VTPU. TP2 and TP4 are set Normally to Low (NL). They are connected externally through a high-impedance resistor or a closed switch to VSS. A tamper condition will be detected when the input pin is pulled high. If not used, tie the pin to VSS. Supply Voltage The internally switched supply voltage, VINT (either VCC input or VBAT input) is continuously monitored. If VINT should exceed the over voltage trip point, VHV (set at 4.2V, typical), or should go below the under voltage trip point, VLV (set at 2.0v, typical). SAL will be driven active-low. Once the tamper condition no longer exists, the SAL pin will return to its normal High state. When no tamper condition exists, SAL is normally High. When a tamper is detected, the SAL is activated (driven low), independent of the part type. VOUT can be driven to one of three states, depending on which variant of STM1403 is being used (see Device Options, page 1): ■ ON; ■ High-Z; or ■ Ground (VSS). Note: The STM1403 must be initially powered above VRST to enable the tamper detection alarms. For example, if the battery is on while VCC = 0V, no alarm condition can be detected until VCC rises above VRST (and trec expires). From this point on, alarms can be detected either on battery or VCC. This is done to avoid false alarms when the device goes from no power to its operational state.
5/9
STM1403
PART NUMBERING
Table 3. Ordering Information Scheme (see Figure 5., page 7 for Marking Information)
Example: STM1403 A T M – Q 6 F
Device Type STM1403: Physical, Voltage Tamper Detect
VOUT Status (SAL = Active-Low) A: VOUT = ON; Vccsw = Normal Mode B: VOUT = High-Z; Vccsw = High C: VOUT = Ground; Vccsw = High
Reset Threshold Voltage T: VRST = 3.00V to 3.15V S: VRST = 2.85V to 3.00V R: VRST = 2.55V to 2.70V
Battery Low Voltage Detect Threshold (VDET) M: VDET = 2.3V (Typ) N: VDET = 2.5V (Typ) O: VDET = 3.2V (Typ)
Package Q = QFN16 (3mm x 3mm)
Temperature Range 6 = –40 to 85°C
Shipping Method F = ECOPACK Package, Tape & Reel
For other options, or for more information on any aspect of this device, please contact the ST Sales Office nearest you.
6/9
STM1403
Figure 5. Topside Marking Information
03 XXX(1) YWW(2)
AI11878
Note: 1. Options codes: X = A, B, or C (for VOUT) X = T, S, or R (for Reset Threshold) X = M, N, or O (for Battery Low Voltage Detect Threshold) 2. Traceability Codes Y = Year WW = Work Week
7/9
STM1403
REVISION HISTORY
Table 4. Document Revision History
Date 11-October-04 26-Nov-04 22-Dec-04 03-Feb-05 25-Feb-05 06-May-05 05-Aug-05 13-Oct-05 Revision 1.0 1.1 1.2 1.3 1.4 2.0 3.0 4.0 First Edition Corrected footprint dimensions; update characteristics (Figure 2, 3, 4, 5, 6, 7, 8, 9, 27, 28, 31; Table 1, 2, 3, 6, 7) Update characteristics (Figure 5; Table 6, 7, 3) Update characteristics (Figure 5; Table 6, 7) Update temperature trip limits (Table 3) v2.0 of DB corresponds to v1.5 of DS v3.0 of DB corresponds to v2.0 of DS v4.0 of DB corresponds to v3.0 of DS; addition of datasheet availability Description
8/9
STM1403
Information furnished is believed to be accurate and reliable. However, STMicroelectronics assumes no responsibility for the consequences of use of such information nor for any infringement of patents or other rights of third parties which may result from its use. No license is granted by implication or otherwise under any patent or patent rights of STMicroelectronics. Specifications mentioned in this publication are subject to change without notice. This publication supersedes and replaces all information previously supplied. STMicroelectronics products are not authorized for use as critical components in life support devices or systems without express written approval of STMicroelectronics. The ST logo is a registered trademark of STMicroelectronics. All other names are the property of their respective owners © 2005 STMicroelectronics - All rights reserved STMicroelectronics group of companies Australia - Belgium - Brazil - Canada - China - Czech Republic - Finland - France - Germany - Hong Kong - India - Israel - Italy - Japan Malaysia - Malta - Morocco - Singapore - Spain - Sweden - Switzerland - United Kingdom - United States of America www.st.com
9/9